The enormous growth in the amount and types of digital information stored in computer file systems has led to new paradigms for representing information to computer users that go beyond the traditional hierarchical directory structure of physical file systems. One new metaphor used to represent file system information is the “content-based” file system, where a directory structure is built using “virtual directories” that are based on characteristics of the files in the file system, such as file content, structure, and metadata. For example, in a content-based file system, files containing information about employees who received a $50,000 bonus might reside in the virtual directory path “/employees/employee/bonus/50000” that may then be traversed to access the files.
In physical file systems that implement the traditional hierarchical directory structure, access security is often implemented at the file or directory level, where information is maintained regarding a user's right to access a file or directory. Thus, a user who does not have rights to a particular file or directory is typically precluded from accessing the file or directory, receiving information regarding the file or directory, or even from “seeing” the file or directory itself. Unfortunately, in a content-based file system, the very knowledge of the existence of a virtual directory may allow a user to deduce information about the content of files in the file system. Also, the very knowledge of the existence of a file under some virtual directory allows a user to deduce information about the content of that particular file. In both cases, a user may deduce information about the content of files without actually opening and reading the files. For example, the existence of the virtual directory path “/employees/employee/bonus/50000” indicates the existence of one or more files containing information about one or more employees whose bonus was $50,000. In addition, the existence of the file “Filel.doc” under the directory “/employees/employee/bonus/5000” indicates that the Filel.doc contains information about the fact that some employee's bonus was $50,000. Furthermore, in a content-based file system directories are typically not generated in advance, but rather are generated in response to user requests to traverse the virtual directory tree, thus precluding the use of conventional directory-level access security. It would therefore be advantageous to enforce user rights in a content-based file system that does not require knowing each possible virtual directory in advance and that withholds information from users that they are not authorized to have.